sha1 is not working in password encryption

Question

I am using sha1 encryption for encrypting my password, but I am facing problem with that. For some users, login is not working.

my code,(in sign up)

// all validation is done here
$password = sha1($_POST['password']);

// inserting data is here

in login my query is

$email     = $_POST['email'];
$password  = sha1($_POST['password']);

select * from users where email = $email and password = $password and status = 1 and deleted = 0;

one of the user facing problem with password,

im$$man

Am I doing some thing wrong.

please help me.

Answer 1

I am using sha1 encryption for encrypting my password,

Nope. SHA1 isn't encryption, it's a hash function. Understanding the difference between encrypting and hashing is crucial to implementing this safely:

• Doing it right: use password_hash() and password_verify()
• Doing it wrong: Encrypting with TripleDES-ECB

Also, the way you wrote your query leads me to believe it is vulnerable to SQL injection.